Information on Shellshock Unix Bug

October 8, 2014 / Web Hosting Security

Shellshock is a bug in Bash, the shell used to execute commands on Unix-based operating systems, and it relates to the processing of environment variables. It is believed that the bug has existed for around 25 years but has only just been discovered, by Linux expert Stéphane Chazelas. It poses a threat to any system that uses the Bash command-line interface: any server running a Linux distribution could be vulnerable and require patching, as could any Linux distribution used on the desktop and Mac OS X, which is a Unix-based OS.

The threat lies in the ability of hackers to create specially crafted environment variables, with the potential for the attack to be extended to include commands; if achieved, this would allow hackers to run or install applications on a victim’s machine. Apache is also exposed, because CGI scripts are executed using shell commands, so it wouldn’t take much for a hacker to call a CGI script using some malicious code. A lot of this is just hypothetical for now, since no attacks have been officially recorded thus far.

How does this compare to Heartbleed?

These two bugs focus on different targets. Heartbleed was a bug that lay at the heart of OpenSSL, an application that is used to encrypt and secure a majority of Internet traffic. With Heartbleed, the security of Internet communications using the application was put at risk, as it made it possible for hackers to decrypt what were thought to be secure connections, giving them access to sensitive information. Shellshock, on the other hand, could prove to be more toxic, as it targets Unix-based servers and the command-line interface (CLI) through which those systems are controlled. With much of the Internet running on Apache, and with the chances of these Apache web servers running on a Linux base being high, Shellshock has the potential to be more damaging and widespread than Heartbleed.

How can I check if my Linux server or desktop machine is vulnerable?

By running the following Bash command, you will be able to identify if your Linux server is vulnerable:

 env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

In the event that you see the following output, your system is vulnerable:

Bash is vulnerable!
Bash Test

You should then take the necessary steps to protect your server by applying the latest Bash patch. Our 24×7 support team is available to assist you with the process at all times.
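
The check above can be scripted so that every Bash binary on a host is tested and the result is machine-readable. This is an added example, not part of the original article; the function names and the use of /etc/shells to find installed copies of Bash are assumptions.

```shell
#!/bin/sh
# Added example: apply the article's Shellshock probe to every bash binary on a host.

# check_bash PATH: prints vulnerable | patched | unknown | missing.
# Returns 1 only when the probe shows the binary is vulnerable.
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # Same probe as the article: a function definition with a trailing command.
    # A vulnerable bash runs the trailing echo while importing VAR.
    out=$(env VAR='() { :;}; echo Bash is vulnerable!' \
        "$shell_path" -c 'echo Bash Test' 2>/dev/null) || true
    case $out in
        *"Bash is vulnerable!"*) echo "vulnerable"; return 1 ;;
        *"Bash Test"*)           echo "patched" ;;
        *)                       echo "unknown" ;;  # binary did not run the test command
    esac
}

# list_bash_candidates: bash paths listed in /etc/shells plus the bash found on PATH.
list_bash_candidates() {
    {
        if [ -r /etc/shells ]; then
            grep -E '/bash$' /etc/shells || true
        fi
        command -v bash || true
    } | sort -u
}

# audit_host: one "path<TAB>result" line per binary; non-zero if any is vulnerable.
audit_host() {
    status=0
    for candidate in $(list_bash_candidates); do
        result=$(check_bash "$candidate") || status=1
        printf '%s\t%s\n' "$candidate" "$result"
    done
    return "$status"
}

audit_host || echo "ACTION: update bash with the distribution's package manager"
```

A "patched" result only means the binary passed the single probe shown in this article; keep Bash updated through the package manager regardless.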

What impact will Shellshock have on my Linux server?

Shellshock could leave your Linux server (cloud or dedicated) open to remote attack. It is important to ensure that your server is patched as quickly as possible in order to protect your information and so that a hacker doesn’t have the chance to attack. Particular attention should be paid to servers that are running Apache, specifically with the mod_cgi and mod_cgid modules included; particular installations of OpenSSH and some DHCP clients are also vulnerable. A patch has already been released. To take advantage of it, use the package manager that is included with your Linux distribution; the patch should be available for major distributions such as Ubuntu, CentOS, Red Hat and Fedora. If you are unsure of how to do this, simply contact our 24×7 support team, who will be able to patch your server for you.
